RE: PATRIOT Act IT Security guidelines
From: "Jason Coombs" <jasonc () science org>
Date: Fri, 15 Nov 2002 10:20:38 -1000
Not to mention the fact that some financial institutions, in focusing on how
to finance The Inquisition rather than how to conduct it confidentially,
will probably tip off terrorists that they are being investigated by way of
charging them fees. This is further proof of the truism "you can't expect an
infosec novice to do security work and get it right the first time."
From: Jason Coombs [mailto:jasonc () science org]
Sent: Friday, November 15, 2002 10:11 AM
To: RD D; security-basics () securityfocus com
Subject: RE: PATRIOT Act IT Security guidelines
My bank recently informed me that my account would be charged $10.00 for
each immigration and naturalization service or other government-initiated
review of my account. Presumably this comes from the PATRIOT Act -- my bank
wants me to bear the cost of the additional monitoring when it specifically
targets me. I guess they've determined that the near-term impact on their
bottom line is potentially large so an incremental fee increase in other
areas or simple patriotism aren't adequate financing strategies for the
implementation of the PATRIOT Act.
There can be no doubt that certain demographic groups will be assessed such
fees far more frequently than others. The end result is probably racial
profiling paid for by the people who are the targets of investigation.
This is one of the most compelling reasons that private companies should
never be allowed to get involved in law enforcement -- even asking for their
help is a slippery slope and the government might be in the wrong on this
point. Legislators now have to come up with a PATRIOT Act Funding bill and a
PATRIOT Act Standards of Practice bill to regulate the way in which these
various private institutions demonstrate their patriotism, and the way they
jasonc () science org
From: RD D [mailto:rdd37it () hotmail com]
Sent: Tuesday, November 12, 2002 8:15 AM
To: security-basics () securityfocus com
Subject: PATRIOT Act IT Security guidelines
Hello All --
I have been researching the PATRIOT Act as it relates to data protection.
Essentially, the Act requires financial institutions to gather information
regarding terrorists and suspected terrorists, and monitor accounts which
they maintain for any links to the suspects.
I am interested in finding any guidelines on how this sensitive information
must be protected, potential penalties for negligence, and any reporting
requirements for intrusions or other incidents.
I have not been able to find very detailed information beyond what was
originally stated in the Act, which specifies that the Secretary of the
Treasury shall, in the future, enact regulations to:
"further establish procedures for the protection of the shared information,
consistent with the capacity, size, and nature of the institution to which
the particular procedures apply."
I believe the deadline for these additional regulations to be enacted has
passed, but have not been able to locate anything.
Thank you very much for any assistance.